Werewolf Sharpening Known Stealer for New Attacks

May 29, 2024, 11:29 a.m.

Description

An analysis reveals that threat actors have developed custom malware based on the open-source SapphireStealer to harvest credentials from employees of Russian companies. The operation deploys this modified stealer, tailored to target organizations within Russia, to exfiltrate authentication data from their systems.

Date

  • Created: May 29, 2024, 11:01 a.m.
  • Published: May 29, 2024, 11:01 a.m.
  • Modified: May 29, 2024, 11:29 a.m.

Indicators

  • 5c01531a6b7f25b92e9a2d0d67fe7057813140d2c60dc0bb356b190aa91a5857
  • 301d00aeae52011530370dcf32d0b68ebdcec291d94501b90a44dcc9a714e595
  • 204bcbb030856bfbd7f4b5edad94e17e61a3d44cde88dbcf4f6a30adb786d1a6

Attack Patterns

  • SapphireStealer
  • Sapphire Werewolf

Additional Information

  • Russian Federation